Telegram malware scams have risen 2000% in the last 2 months: Scam Sniffer

Source Cryptopolitan

Web3 anti-scam platform ScamSniffer has reported a sizable increase in malware scams on Telegram’s social messaging platform. According to the firm, Telegram group malware scams increased by 2000% between November 2024 and January 2025.

This new form of attack started gaining prominence in late 2024 and continues to grow alarmingly. With this tactic, bad actors use fake groups and verification bots to distribute malware that can access users’ devices and steal their assets.

Telegram Groups malware
Telegram malware groups are increasing rapidly. Source: Scam Sniffer

These fraudulent groups, usually advertised as exclusive alpha, airdrop, or trading groups, lure users to execute malicious code or install fake verification software to join the channel. Once executed, these codes and software allow the bad actors full access to users’ devices, where they can collect sensitive information to steal users’ assets.

Scam Sniffer wrote:

“Once you execute their code or install their “verification” software, they can access your passwords, scan for wallet files, monitor your clipboard, and steal browser data.”

While it is hard to determine how much has been lost to this new attack vector, Scam Sniffer noted the increase in the number of such scams, which suggests that it is working.

Malware attacks come in multiple variants 

Telegram malware scams have several variants that muddle up the waters for users. In one variant, the attackers ask users to input their phone number and login code for verification instead of executing any code or installing software. However, the phone number and login code give them access to the users’ Telegram accounts and allow them to take control.

Beyond using Telegram, the attackers also execute the same tactic using fake Cloudflare verification pages that deploy malicious code to the clipboard. The fake page usually contains a prompt asking for extra verification and requesting a user to run the Windows + R command. If successful, the malware becomes part of the device and is added to Windows startups.

With these bad actors using several variants of the same scam, security experts have called on users to be more cautious about what links they click and the software they install. Scam Sniffer noted that most of this malware usually contains invites promising users they do not need to sign anything or connect their wallet, while some also ask users to join groups for real-time updates.

The firm identified some fake bots that scammers use, including OfficialSafeguardRobot,  SafeguardsAuthenticationBot, and safeguardoff_bot. All these bots have naming similarities with real verification bots, with subtle misspellings and changes to mislead users.

Given that the full scope and impact of these new scam tactics remain unknown, experts noted that the best protection is for users to never run an unknown command, install unverified software, or use clip-based verification. As Scam Sniffer observed, no genuine crypto project requires users to run a code before they can join a group.

Shift to Telegram malware due to users’ awareness of phishing 

Scam Sniffer claims that bad actors adopted these new tactics because users are now more aware of traditional phishing tactics. Although phishing continues to result in significant losses, with almost $500 million lost in 2024, the security firm noted that regular phishing incidents have remained stable over the past two months.

Beyond their novelty, Telegram malware scams have a more devastating impact. This malware gives attackers more access to users’ devices, enabling them to hack multiple wallets and wreak more havoc using the sensitive information they glean from victims’ devices.

Interestingly, hackers are not just impersonating crypto influencers to market their fake groups. They are also using fake pages of legitimate crypto projects to target communities and invite them to join groups. Scam Sniffer identified invites for fake Telegram Groups attributed to projects such as Scoutly, Fridon AI, Build, and Hiero.

From Zero to Web3 Pro: Your 90-Day Career Launch Plan

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
What Crypto Whales are Buying For May 2025Crypto whales are making bold moves heading into May 2025, and three tokens are standing out: Ethereum (ETH), Artificial Superintelligence Alliance (FET), and Onyxcoin (XCN).
Author  Beincrypto
Apr 21, Mon
Crypto whales are making bold moves heading into May 2025, and three tokens are standing out: Ethereum (ETH), Artificial Superintelligence Alliance (FET), and Onyxcoin (XCN).
placeholder
Gold price snaps selling off after fresh Trump comments on tariffsGold price (XAU/USD) is turning positive, recovering above the $$3,300 level at the time of writing on Thursday after two days of firm selling pressure since it topped at $3,500 on Tuesday.
Author  FXStreet
Apr 24, Thu
Gold price (XAU/USD) is turning positive, recovering above the $$3,300 level at the time of writing on Thursday after two days of firm selling pressure since it topped at $3,500 on Tuesday.
placeholder
Gold price surges past $3,300 on trade jitters, yield slump reviving haven demandGold price snapped two days of losses on Thursday and rose $50, or more than 1.50%, amid renewed concerns about the US-China trade war.
Author  FXStreet
Yesterday 03: 51
Gold price snapped two days of losses on Thursday and rose $50, or more than 1.50%, amid renewed concerns about the US-China trade war.
placeholder
Gold price consolidates in a range; bulls have the upper hand while above $3,300Gold price (XAU/USD) struggles to capitalize on the previous day's move higher and oscillates in a narrow trading band during the Asian session on Friday amid mixed fundamental cues.
Author  FXStreet
Yesterday 03: 53
Gold price (XAU/USD) struggles to capitalize on the previous day's move higher and oscillates in a narrow trading band during the Asian session on Friday amid mixed fundamental cues.
placeholder
Gold edges down amid clash over status of US-China trade talksGold price is on the back foot on Friday, almost erasing all of Thursday’s gains, and looks set to close off this week in the red.
Author  FXStreet
20 hours ago
Gold price is on the back foot on Friday, almost erasing all of Thursday’s gains, and looks set to close off this week in the red.
goTop
quote